UGC Guard Docs

English

Deutsch

English

Deutsch

Appearance

Login

Find out more about Branded Logins and OIDC / Identity Providers / SSO.

Branded Login

Every organization has a branded login page. You can find the URL to the branded login page on the Organizations page or as an admin under Settings:Identity Providers.

The branded login page is the perfect starting point for your reviewers to register / login using either username or email + password or a custom Identity Provider.

The content of this page is defined by the image, name and description of your organization. As these information are publicly accessable (with the branded login url and by using the API), they should not include secret information.

Identity Providers / Single-Sign-On (SSO)

DANGER

UGC Guard trusts the Identity Providers that you setup. Do not register identity providers that are not credible as they could offer access to accounts / organizations to those who should not have access to these.

Identity Providers are third-party services which handle the login and identity of a user for UGC Guard. They are also known as Single-Sign-On solutions. We call them Identity Providers because they provide UGC Guard with a trusted identity. Identity Providers are defined per organization.

To login or register using an identity provider, users have to access your branded login page. Then they are offered to login with the identity provider. You can disable new accounts to login with the provider as well as deactivate auto linking of existing accounts with the provider.

WARNING

Auto-linking is not available on the hosted version of UGC Guard. A user can therefore only exist with up to one identity provider, and can not login with a provider, if the account already exists.

Setup an identity provider

INFO

Only admins can create or update identity providers

Head to Settings and select Identity Providers. Hee you can add new Identity Providers. You need the Client ID, Client Secret, Discovery URL and Scopes of the Identity Provider. Note that:

  • The Identity Provider has to support a discovery-url.
  • The Identity Provider has to support OpenID Connect (OAuth2 is not sufficient).
  • The Identity Provider has to send a unique field sub and email.

Save and logout. Then head to the branded login page to try out the integration.

Mappings

INFO

To edit these fields, you need to update the Identity Provider using the UGC Guard API. We are adding this to the UI in a future update

You can update an identity provider object to tell UGC Guard where it can find personal information in the identity provider. Everytime a user logins using the identity provider, we update fields that have changed. The personal information from the identity provider overwrites custom set information on UGC Guard.

Available fields are:

Field : default
identity_token_user_field : "sub"
identity_token_email_field : "email"
identity_token_username_field : "preferred_username"
identity_token_name_field : "name"
identity_token_avatar_url_field : "picture"
identity_token_channels_mapper_field : "channels"